US10848513B2ActiveUtilityA1

Threat mitigation system and method

85
Assignee: RELIAQUEST HOLDINGS LLCPriority: Jun 6, 2018Filed: Jun 6, 2019Granted: Nov 24, 2020
Est. expiryJun 6, 2038(~11.9 yrs left)· nominal 20-yr term from priority
G06F 21/577H04L 63/1425G06N 7/01G06F 18/214G06F 2221/034G06F 21/568G06F 21/566G06F 21/562G06F 21/561G06F 21/53G06F 21/554H04L 63/0227G06F 21/55G06F 8/65H04L 63/20G06F 30/20G06N 20/00G06F 21/56H04L 63/145H04L 63/1408H04L 63/1416H04L 63/1441H04L 63/0263G06F 2221/2115H04L 63/164H04L 63/1433G06K 9/6256G06F 18/20
85
PatentIndex Score
1
Cited by
346
References
24
Claims

Abstract

A computer-implemented method, computer program product and computing system for: allowing a third-party to select a training routine for a specific attack of a computing platform, thus defining a selected training routine; analyzing the requirements of the selected training routine to determine a quantity of entities required to effectuate the selected training routine, thus defining one or more required entities; generating one or more virtual machines to emulate the one or more required entities; and generating a simulation of the specific attack by executing the selected training routine.

Claims

exact text as granted — not AI-modified
What is claimed is: 
     
       1. A computer-implemented method, executed on a computing device, comprising:
 defining a selected training routine including receiving, from a third-party, a selection of a training routine for a specific attack of a computing platform; 
 analyzing requirements of the selected training routine to determine a quantity of entities required to effectuate the selected training routine to define one or more required entities; 
 generating one or more virtual machines to emulate the one or more required entities, wherein each of the one or more virtual machines that are generated correspond to a respective required entity of the one or more required entities, wherein the respective entity includes at least one of an attacked device, a first attacking device, and a second attacking device; 
 generating a simulation of the specific attack by executing the selected training routine; 
 rendering a view of the simulation of the specific attack for a trainee; and 
 receiving a trainee response to the simulation of the specific attack from the trainee, including revising the training routine for the specific attack based, at least in part, upon the trainee response. 
 
     
     
       2. The computer-implemented method of  claim 1  wherein defining a selected training routine includes:
 receiving, from the third-party, a selection of a specific training routine from a plurality of available training routines. 
 
     
     
       3. The computer-implemented method of  claim 1  wherein generating the simulation of the specific attack by executing the selected training routine includes:
 rendering the simulation of the specific attack by executing the selected training routine within a controlled test environment. 
 
     
     
       4. The computer-implemented method of  claim 3  wherein the controlled test environment is a virtual machine executed on the computing device. 
     
     
       5. The computer-implemented method of  claim 1  further comprising:
 determining an effectiveness of the trainee response. 
 
     
     
       6. The computer-implemented method of  claim 5  wherein determining the effectiveness of the trainee response includes:
 assigning a grade to the trainee response. 
 
     
     
       7. The computer-implemented method of  claim 1  further comprising:
 ceasing the simulation of the specific attack. 
 
     
     
       8. The computer-implemented method of  claim 7  wherein ceasing the simulation of the specific attack includes:
 shutting down the one or more virtual machines. 
 
     
     
       9. A computer program product residing on a non-transitory computer readable medium having a plurality of instructions stored thereon which, when executed by a processor, cause the processor to perform operations comprising:
 defining a selected training routine including receiving, from a third-party, a selection of a training routine for a specific attack of a computing platform; 
 analyzing requirements of the selected training routine to determine a quantity of entities required to effectuate the selected training routine to define one or more required entities; 
 generating one or more virtual machines to emulate the one or more required entities, wherein each of the one or more virtual machines that are generated correspond to a respective required entity of the one or more required entities, wherein the respective entity includes at least one of an attacked device, a first attacking device, and a second attacking device; 
 generating a simulation of the specific attack by executing the selected training routine; 
 rendering a view of the simulation of the specific attack for a trainee; and 
 receiving a trainee response to the simulation of the specific attack from the trainee, including revising the training routine for the specific attack based, at least in part, upon the trainee response. 
 
     
     
       10. The computer program product of  claim 9  wherein defining a selected training routine includes:
 receiving, from the third-party, a selection of a specific training routine from a plurality of available training routines. 
 
     
     
       11. The computer program product of  claim 9  wherein generating the simulation of the specific attack by executing the selected training routine includes:
 rendering the simulation of the specific attack by executing the selected training routine within a controlled test environment. 
 
     
     
       12. The computer program product of  claim 11  wherein the controlled test environment is a virtual machine executed on the computing device. 
     
     
       13. The computer program product of  claim 9  further comprising:
 determining an effectiveness of the trainee response. 
 
     
     
       14. The computer program product of  claim 13  wherein determining the effectiveness of the trainee response includes:
 assigning a grade to the trainee response. 
 
     
     
       15. The computer program product of  claim 9  further comprising:
 ceasing the simulation of the specific attack. 
 
     
     
       16. The computer program product of  claim 15  wherein ceasing the simulation of the specific attack includes:
 shutting down the one or more virtual machines. 
 
     
     
       17. A computing system comprising:
 a hardware processor and a memory configured to perform operations comprising:
 defining a selected training routine including receiving, from a third-party, a selection of a training routine for a specific attack of a computing platform; 
 analyzing requirements of the selected training routine to determine a quantity of entities required to effectuate the selected training routine to define one or more required entities; 
 generating one or more virtual machines to emulate the one or more required entities, wherein each of the one or more virtual machines that are generated correspond to a respective required entity of the one or more required entities, wherein the respective entity includes at least one of an attacked device, a first attacking device, and a second attacking device; 
 generating a simulation of the specific attack by executing the selected training routine; 
 rendering a view of the simulation of the specific attack for a trainee; and 
 receiving a trainee response to the simulation of the specific attack from the trainee, including revising the training routine for the specific attack based, at least in part, upon the trainee response. 
 
 
     
     
       18. The computing system of  claim 17  wherein defining a selected training routine includes:
 receiving, from the third-party, a selection of a specific training routine from a plurality of available training routines. 
 
     
     
       19. The computing system of  claim 17  wherein generating the simulation of the specific attack by executing the selected training routine includes:
 rendering the simulation of the specific attack by executing the selected training routine within a controlled test environment. 
 
     
     
       20. The computing system of  claim 19  wherein the controlled test environment is a virtual machine executed on the computing device. 
     
     
       21. The computing system of  claim 17  further comprising:
 determining an effectiveness of the trainee response. 
 
     
     
       22. The computing system of  claim 21  wherein determining the effectiveness of the trainee response includes:
 assigning a grade to the trainee response. 
 
     
     
       23. The computing system of  claim 17  further comprising:
 ceasing the simulation of the specific attack. 
 
     
     
       24. The computing system of  claim 23  wherein ceasing the simulation of the specific attack includes:
 shutting down the one or more virtual machines.

Cited by (0)

No later patents cite this yet.

References (0)

No backward citations on record.